Buffer Overflow Vulnerability in Tenda W9 Router
CVE-2024-4241

8.8HIGH

Key Information:

Vendor: Tenda
Status: W9 Firmware
Vendor: CVE Published:; 26 April 2024

Summary

A significant security flaw has been identified in the Tenda W9 router, specifically affecting version 1.0.0.7(4456). This vulnerability is characterized by a stack-based buffer overflow in the function formQosManageDouble_auto. When the ssidIndex argument is manipulated, it opens the door for remote attackers to execute potentially harmful code, compromising the router's integrity and the network it supports. It is important to note that despite earlier notifications, Tenda has not responded to this disclosure, highlighting a pressing need for users to remain vigilant and apply appropriate security measures.

References

https://vuldb.com/?id.262132

https://vuldb.com/?ctiid.262132

https://vuldb.com/?submit.319823

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 26, 2024